To connect using an RD Gateway server, navigate to the Advanced tab of the Remote Desktop Connection Properties dialog box and click Settings under Connect From Anywhere. This opens the RD Gateway Server Settings dialog box. This dialog box allows you to specify RD Gateway settings, including whether or not you want the RD Gateway to be detected automatically, whether to use a specific RD Gateway server, as shown in the firgure, or you can specify Do Not Use an RD Gateway Server, which is the default setting.

Question No: 222 – (Topic 3)

You have a computer that runs Windows 7.

You install Internet Information Services (IIS) to test a web based application. You create a local group named Group1. You need to ensure that only the members of Group1 can access the default Web site.

Which two configuration changes should you perform? (Each correct answer presents part of the solution, Choose two.)

Modify the properties of Group1.

Assign an SSL certificate to the default Web site.

Modify the authentication methods of the default Web site.

Modify the NTFS permissions of the %systemroot%\inetpub\wwwroot folder

Answer: C,D Explanation:

Modifying the Default Authentication Method

You can use the Directory Security tab of the Web Site Properties dialog box to change the authentication method. The authentication method determines whether users are identified, and how users must be identified to access your site. The authentication method you select varies, depending on the kind of site you are creating and the purpose of the site.

Modify the NTFS permissions of the %systemroot%\inetpub\wwwroot folder

Question No: 223 – (Topic 3)

You migrate user state data from Computer1 to Computer2. The migrated data contains several Microsoft Office Excel files.

You need to ensure that you can open the Excel files by using Excel on Computer2. What should you do?

Install Office.

Disable User Account Control (UAC).

Modify the default program settings.

Run Loadstate.exe /i:migapp.xml.

Answer: A Explanation:

The applications are required to be installed in order to use the migrated data. In this case Microsoft Office is required to open Excel files.

LoadStateLoadState is run on the destination computer. You should install all applications that were on the source computer on the destination before you run LoadState. You must run Loadstate. exe on computers running Windows Vista and Windows 7 from an administrative command prompt. To load profile data from an encrypted store named Mystore that is stored on a share named Migration on a file server named Fileserver and which is encrypted with the encryption key Mykey, use this command: loadstate

Question No: 224 – (Topic 3)

You have a computer that runs Windows 7 and Windows Internet Explorer 8. You have a third-party Internet Explorer toolbar installed on the computer.

You need to temporarily disable the toolbar. The solution must not affect any other installed toolbars.

What should you do?

Start an Inprivate Browsing session.

Run Msconfig.exe and enable Selective Startup.

From the Tools menu, select Compatibility View Settings.

From the Tools menu, open Manage Add-ons and modify the add-on settings.

Answer: D Explanation:

Add-Ons and Search Providers

Add-ons extend the functionality of Internet Explorer. Add-ons are usually downloaded and installed separately rather than being included with Internet Explorer. You manage add-ons through the Manage Add-Ons dialog box.

Toolbars and Extensions This area lists browser toolbars and extensions. Toolbars are additions to browsersthat add extra functionality to the browser interface. Extensions allow the browser to perform additional functions, such as playing media or opening some types of document file within the browser that the browser does not support natively.

Question No: 225 – (Topic 3)

You have a computer that runs Windows 7.

You open Windows Internet Explorer and access a Web site as shown in the exhibit. (Click the Exhibit button.)

You click the Suggested Sites button, but the suggestions fail to display. You need to obtain suggested sites.

Explanation: Opening a new Internet Explorer window will not open with InPrivate enabled.

InPrivate is turned onInPrivate Browsing helps prevent Internet Explorer from storing data about your browsing session. This includes cookies, temporary Internet files, history, and other data. Toolbars and extensions are disabled by default. You must enable InPrivate Filtering manually each time you start a new browsing session.

Question No: 226 – (Topic 3)

You have a computer that runs Windows 7.

You enable Advanced Audit Policy Configuration in the Local Computer Policy and discover that the policy is not applied.

You need to ensure that Advanced Audit Policy Configuration is applied on the computer. What should you do?

Restart the computer.

Run Gpupdate /force.

Enable the Security Settings policy option.

Run Secedit /refreshpolicy machine_policy.

Answer: B

Question No: 227 – (Topic 3)

You have a computer that runs Windows 7. You need to ensure that all users are required to enter a username and password when uninstalling applications from the computer. What should you do from Local Group Policy Editor?

Question No: 228 – (Topic 3)

You need to prevent ActiveX controls from running in Windows Internet Explorer. Which Internet Explorer settings should you modify?

Content

Encoding

Safety

Security

Answer: D Explanation: Security

You can use the slider to adjust the security level assigned to a zone. You can also configure whether a zone uses Protected Mode and Configure Custom Zone settings. Protected Mode is a technology that forces Internet Explorer to run as a low-integrity process. The security architecture of Windows 7 means that processes that are assigned lower integrities are unable to interact directly with objects that are assigned higher integrities. This means that any malware that might compromise the browser is blocked from causing damage to Windows 7 because it is unable to cause problems as a low- integrity process. The design of Windows 7 allows the processes that run in each tab to be separate from each other. This means that a tab that has a Web site in Protected Mode can run alongside a tab that has a site that is not running in Protected Mode. Sites that you do not trust, such as those on the Internet or within the Restricted Sites zone, are run in Protected Mode.

The three default security levels are Medium, Medium-High, and High. Each level is more restrictive, with High being the most restrictive. You can use the Custom Level button to configure a custom level of security for a zone. Items that can be configured include ActiveX control behavior, scripting, and user authentication settings. Unless your organization has unusual security requirements, the default security levels are usually sufficient.

Question No: 229 – (Topic 3)

You have a computer that runs Windows 7.

The Encrypting File System (EFS) key is compromised. You need to create a new EFS key.

Which command should you run?

Certutil -getkey

Cipher.exe /k

Icacls.exe /r

Syskey.exe

Answer: B Explanation: Cipher

Displays or alters the encryption of folders and files on NTFS volumes. Used without parameters, cipher displays the encryption state of the current folder and any files it contains.Administrators can use Cipher.exe to encrypt and decrypt data on drives that use the NTFS file system and to view the encryption status of files and folders from a command prompt. The updated version adds another security option. This new option is the ability to overwrite data that you have deleted so that it cannot be recovered and accessed.When you delete files or folders, the data is not initially removed from the hard disk. Instead, the space on the disk that was occupied by the deleted data is quot;deallocated.quot; After it is deallocated, the space is available for use when new data is written to the disk. Until the space is overwritten, it is possible to recover the deleted data by using a low-level disk editor or data-recovery software.If you create files in plain text and then encrypt them, Encrypting File System (EFS) makes a backup copy of the file so that, if an error occurs during the encryption process, the data is not lost. After the encryption is complete, the backup copy is deleted. As with other deleted files, the data is not completely removed until it has been overwritten. The new version of the Cipher utility is designed to prevent unauthorized recovery of such data.

/K Creates a new certificate and key for use with EFS. If this option is chosen, all the other options will be ignored. By default, /k creates a certificate and key that conform to current group plicy. If ECC is specified, a self-signed certificate will be created with the supplied key size. /R Generates an EFS recovery key and certificate, then writes them to a .PFX file (containing certificate and private key) and a .CER file (containing only the certificate). An administrator may add the contents of the .CER to the EFS recovery policy to create the recovery for users, and import the .PFX to recover individual files. If SMARTCARD is specified, then writes the recovery key and certificate to a smart card. A .CER file is generated (containing only the certificate). No .PFX file is genereated. By default, /R creates an 2048-bit RSA recovery key and certificate. If EECC is specified, it must be followed by a key size of 356, 384, or 521.

Question No: 230 – (Topic 3)

You need to prevent a custom application from connecting to the Internet. What should you do?

From Windows Firewall, add a program.

From Windows Defender, modify the Allowed items list.

From Windows Firewall with Advanced Security, create an inbound rule.

From Windows Firewall with Advanced Security, create an outbound rule.

Answer: D Explanation: Outbound Rule

Outbound rules allow you to block and allow traffic that originates on the computer from traveling out to the network.Creating WFAS Rules

The process for configuring inbound rules and outbound rules is essentially the same: In the WFAS console, select the node that represents the type of rule that you want to create and then click New Rule. This opens the New Inbound (or Outbound) Rule Wizard. The first page, allows you to specify the type of rule that you are going to create. You can select between a program, port, predefined, or custom rule. The program and predefined rules are similar to what you can create using Windows Firewall. A custom rule allows you to configure a rule based on criteria not covered by any of the other options. You would create a custom rule if you wanted a rule that applied to a particular service rather than a program or port. You can also use a custom rule if you want to create a rule that involves both a specific program and a set of ports. For example, if you wanted to allow communication to a specific program on a certain port but not other ports, you would create a custom rule.QUESTION NO: 290

You have a computer that runs Windows 7. The network contains a monitoring server named Server1. The computer runs a monitoring service named Service1. Service1 uses Remote Procedure Calls (RPCs). You need to ensure that Service1 can receive requests from Server1.

What should you do?

From Windows Firewall with Advanced Security, create a predefined rule.

From Windows Firewall with Advanced Security, create a custom rule.

From Network and Sharing Center, modify the network location settings.

The process for configuring inbound rules and outbound rules is essentially the same: In the WFAS console, select the node that represents the type of rule that you want to create and then click New Rule. This opens the New Inbound (or Outbound) Rule Wizard. The first page, allows you to specify the type of rule that you are going to create. You can select between a program, port, predefined, or custom rule. The program and predefined rules are similar to what you can create using Windows Firewall. A custom rule allows you to configure a rule based on criteria not covered by any of the other options. You would create a custom rule if you wanted a rule that applied to a particular service rather than a program or port. You can also use a custom rule if you want to create a rule that involves both a specific program and a set of ports. For example, if you wanted to allow communication to a specific program on a certain port but not other ports, you would create a custom rule.